We are happy to provide you with all required information to perform a Data Protection Impact Assessment (DPIA) in accordance with the General Data Protection Regulation (GDPR).
When do I need to perform a DPIA?
You need to perform a Data Protection Impact Assessment if you are processing personal data from citizens in the European Economic Area (EEA).
Good to know
The following countries are part of the EEA:
Belgium (BE), Spain (ES), Hungary (HU), Slovakia (SK), Bulgaria (BG), France (FR), Malta (MT), Finland (FI), Czechia (CZ), Croatia (HR), Netherlands (NL), Sweden (SE), Denmark (DK), Italy (IT), Austria (AT), Germany (DE), Cyprus (CY), Poland (PL), Iceland (IS), Estonia (EE), Latvia (LV), Portugal (PT), Liechtenstein (LI), Ireland (IE), Lithuania (LT), Romania (RO), Norway (NO), Greece (EL), Luxembourg (LU), Slovenia (SI).
What is a DPIA?
A DPIA is a formal procedure to assess the compliance of the data processing activities you would like to perform. In it you determine the privacy risks related to the processing and whether measures are required to mitigate or lower those risks.
Why should I perform a DPIA?
The DPIA needs to be performed in accordance with the GDPR.
How should I perform a DPIA?
In a DPIA you should describe and assess the processing activities which you would like to perform. The following areas could be part of the Data Protection Impact Assessment:
| DPIA requirement | Verifai answers |
|---|---|
| Subject of the processing activities | Describe this yourself |
| Proposal of the processing | Describe your use case. You can describe your own use case or pick a use case description which fits your use case here. |
| Description of all types of personal data which shall be processed | You can process a wide variety of personal data with the Verifai products and services. You can find all the data objects in the documentation. |
| Description how the personal data will be processed | This depends on the set of solutions you will use. Find more information and a brief overview about our solutions here. |
| Description of the purpose for processing the personal data | Describe this yourself |
| Description of the involved parties (e.g. controller, processor, sub-processor) | Controller: You |
| | Processor: Verifai |
| | Sub-processor: |
| The processing locations (e.g. countries) | Local processing: N/A |
| | SaaS processing: Western-Europe (e.g. Netherlands, Ireland) |
| The technical methods used for processing personal data | This depends on the set of solutions you will use. Find more information and a brief overview about our solutions here. |
| Description of the legal and policy framework | Describe yourself whether any legislation applies to processing the personal data (e.g. AML/KYC legislation). |
| Description of the retention periods | You can set your own data retention period in the Verifai SaaS products. Find more information in the documentation. |
| Describe the legal basis of the processing | Determine on which legal basis you will process personal data: (1) consent by the individual, (2) based on an agreement, (3) legal obligation, (4) vital interests, (5) public interest, (6) legitimate interest. |
| Describe if you would like to process special personal data | Describe this yourself |
| Describe the purpose limitation of processing the personal data | Describe this yourself |
| Describe the necessity and proportionality of processing the personal data | Describe this yourself |
| Describe how you comply with the rights in accordance with the GDPR of the involved individuals | Describe this yourself |
| Describe the risks and the measures taken to mitigate or minimize the risks, for each of the following areas: | |
| - Roles between the parties (e.g. controller, processor or sub-processor) | Describe this yourself |
| - Legal basis in accordance with the GDPR | Describe this yourself |
| - The purpose of processing | Describe this yourself |
| - The minimization of data | Describe this yourself |
| - Data quality | Describe this yourself |
| - Security | Describe this yourself |
| - Limitation of storage | Describe this yourself |
| - Information about the processing activities for involved individuals | Describe this yourself |
| - Rights and freedoms of the involved individuals | Describe this yourself |
| - Processors and sub-processors | Describe this yourself |